FY 2018 Independent Evaluation of the NCUA's Compliance with FISMA 2014

View Report

Date Issued

Wednesday, October 31, 2018

Submitting OIG

National Credit Union Administration OIG

Other Participating OIGs

National Credit Union Administration OIG

Agencies Reviewed/Investigated

National Credit Union Administration

Report Number

OIG-18-07

Report Description

The Office of Inspector General for the National Credit Union Administration (NCUA) engaged CliftonLarsonAllen LLP (CLA) to independently evaluate the NCUA's information security and privacy management programs and controls for compliance with the Federal Info1mation Security Modernization Act of 2014 and federal regulations and standards.CLA evaluated the NCUA's information security and privacy management programs through interviews, documentation reviews, technical configuration reviews, and sample testing. This year, CLA also conducted a vulnerability assessment of NCUA's network.

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Additional Details

https://www.ncua.gov/About/Pages/inspector-general/audit-reports/Documents/oig-…

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
8.OIG-18-07Recommendation	Yes	$0	$0
The Office of the Chief Information Officer enforce the policy to remediate patch and configuration related vulnerabilities within agency defined timeframes.
9.OIG-18-07Recommendation	No	$0	$0
The Office of the Chief Information Officer implement a process to detect and migrate unsupported software to supported platforms before support for the software ends.